9.3.0 and DNS REQUEST

Barry Margolin barmar at alum.mit.edu
Fri Nov 12 05:04:44 UTC 2004


In article <cn0ug3$v5h$1 at sf1.isc.org>,
 "J.D. Bronson" <jbronson at wixb.com> wrote:

>   I have noticed that some spammers have been trying to grab all my zone
>   information (but not an XFR)... and the Cisco IDS box I have logs this:
> 
>   DNS REQUEST ALL
> 
> 
>   I can duplicate this:
> 
>   #nslookup
>     server dns1.domain.com
>     set q=any
>     domain.com
> 
> 
>   and as expected the entire DNS record is presented.

That shouldn't return all the zone information; it should just return
the records for domain.com itself.

>   Is there any way to stop this within BIND? - I can DROP the packet using
>   IDS on the Cisco, but my 3rd DNS server is located in a system that I
>   cannot do this in...

ANY queries are very common.  sendmail sends them to get the MX and A 
record for your domain in one shot.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
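
The distinction drawn in the reply above, as an added example that is not part of the original post: a small Python parser that reads the question section of a DNS query and tells an ANY query (QTYPE 255, what `set q=any` sends) apart from a zone transfer request (QTYPE 252, AXFR). The helper names and the sample messages are constructed for illustration.

```python
import struct

# QTYPE codes from RFC 1035: 255 is "*" (ANY), 252 is AXFR (zone transfer).
QTYPES = {1: "A", 15: "MX", 252: "AXFR", 255: "ANY"}

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query message (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(msg):
    """Return (qname, qtype) for the first question; ValueError on bad input."""
    if len(msg) < 12:
        raise ValueError("short header")
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means a response
        raise ValueError("not a query carrying a question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # no compression pointers expected here
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype

def classify(msg):
    """Describe what the query asks for: one name's records or a whole zone."""
    name, qtype = parse_question(msg)
    if qtype == 255:
        note = "all record types at this one name"
    elif qtype == 252:
        note = "transfer of the whole zone"
    else:
        note = "a single record type at this name"
    return name, QTYPES.get(qtype, "TYPE%d" % qtype), note

if __name__ == "__main__":
    for qt in (255, 252, 15):
        print(classify(build_query("domain.com", qt)))
```
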



More information about the bind-users mailing list